CVE-2014-0226

Scores

EPSS

0.754 (medium), 75.4%

Percentile: 75.4%

CVSS

6.8 (medium), CVSS 2.0

CVSS Score: 6.8/10

All CVSS Scores

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.


Sources

debian, nvd, redhat, ubuntu

CWEs

CWE-362, CWE-662

Related Vulnerabilities

Exploits

Exploit ID: 34133

Source: exploitdb

URL: https://www.exploit-db.com/exploits/34133

Exploit ID: CVE-2014-0226

Source: github-poc

URL: https://github.com/shreesh1/CVE-2014-0226-poc

Recommendations

Source: nvd

All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.29"

URL: https://security.gentoo.org/glsa/201504-03

Source: nvd

All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.27-r4"

URL: http://security.gentoo.org/glsa/glsa-201408-12.xml

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1020.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1019.html

Vulnerable Software (360)

Type: Configuration

Product: antlr-eap6

Operating System: rhel

Trait:
{  "fixed": "2.7.7-17.redhat_4.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: antlr-eap6

Operating System: rhel

Trait:
{  "fixed": "2.7.7-17.redhat_4.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-commons-beanutils-eap6

Operating System: rhel

Trait:
{  "fixed": "1.8.3-7.redhat_6.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-commons-beanutils-eap6

Operating System: rhel

Trait:
{  "fixed": "1.8.3-7.redhat_6.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-commons-cli-eap6

Operating System: rhel

Trait:
{  "fixed": "1.2-6.redhat_4.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-commons-cli-eap6

Operating System: rhel

Trait:
{  "fixed": "1.2-6.redhat_4.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-commons-codec-eap6

Operating System: rhel

Trait:
{  "fixed": "1.4-16.redhat_3.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-commons-codec-eap6

Operating System: rhel

Trait:
{  "fixed": "1.4-16.redhat_3.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-commons-collections-eap6

Operating System: rhel

Trait:
{  "fixed": "3.2.1-15.redhat_3.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-commons-collections-eap6

Operating System: rhel

Trait:
{  "fixed": "3.2.1-15.redhat_3.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-commons-configuration-eap6

Operating System: rhel

Trait:
{  "fixed": "1.6-1.redhat_3.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-commons-configuration-eap6

Operating System: rhel

Trait:
{  "fixed": "1.6-1.redhat_3.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-commons-daemon-eap6

Operating System: rhel

Trait:
{  "fixed": "1.0.15-5.redhat_1.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-commons-daemon-eap6

Operating System: rhel

Trait:
{  "fixed": "1.0.15-5.redhat_1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-commons-daemon-jsvc-eap6

Operating System: rhel

Trait:
{  "fixed": "1.0.15-6.redhat_2.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-commons-daemon-jsvc-eap6

Operating System: rhel

Trait:
{  "fixed": "1.0.15-6.redhat_2.ep6.el6"}

Source: redhat
